Enabling Kerberos for Internet Explorer and Spotfire Analyst

Follow these steps on every computer using Internet Explorer or Spotfire Analyst.

Procedure

Go to Tools > Internet Options > Advanced and select Enable Integrated Windows Authentication (Requires Restart).
The Spotfire Server you are connecting to must be located in the Intranet security zone.

Note: If the website is located in the Internet security zone, Internet Explorer will not even attempt Kerberos authentication. This is because in most Internet scenarios a connection with a domain controller can not be established. The simple rule is that any URL that contains periods, such as an IP address or Fully Qualified Domain Name (FQDN), is in the Internet zone. If you are connecting to an IP address or FQDN, you can use the settings in Internet Explorer or Group Policy to add this site to the Intranet security zone. For more information on how Internet Explorer evaluates the zone of a resource, see the Microsoft Knowledge Base article KB 258063.

Important: If a client accesses a server belonging to another trusted domain, that server must be added to the Local Intranet zone, found under Internet Options > Security > Local Intranet. Without this setting, Internet Explorer, or Spotfire Analyst will not be able to authenticate using Kerberos.

For example, if the client client.emea.example.com accesses the server server.na.example.com, then server.na.example.com must be added to the Local Intranet zone.